Full Disclosure mailing list archives
CVE-2018-12090 - LAMS < 3.1 Unauthenticated Cross-Site Scripting
From: Nikola Kojic <nikola.kojic () ras-it rs>
Date: Mon, 6 Aug 2018 12:15:12 +0200
# Exploit Title: LAMS < 3.1 - Unauthenticated Reflected XSS # Date: 2018-08-06 # Exploit Author: Nikola Kojic # Website: https://ras-it.rs/ # Vendor Homepage: https://www.lamsfoundation.org/ # Software Link: https://www.lamsfoundation.org/downloads_home.htm # Category: Web Application # Platform: Java # Version: < 3.1 # CVE : 2018-12090 1. Vendor Description:LAMS is a revolutionary new tool for designing, managing and delivering online collaborative learning activities. It provides teachers with a highly intuitive visual authoring environment for creating sequences of learning activities.
2. Technical Details and Exploitation:There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
3. Proof of Concept: http://localhost:8080/lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E 4. Solution: The vendor has fixed the issues and released the patches. https://code.lamsfoundation.org/fisheye/changelog/lams-github?cs=6825a5272d3a48f8cafa370b0e0107cc9077cff6 5. Timeline: 2018-06-07: Discovered 2018-06-08: Vendor notified 2018-06-08: Vendor replies 2018-06-11: CVE number requested 2018-06-11: CVE number assigned 2018-06-15: Patch released 2018-08-05: Public disclosure _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2018-12090 - LAMS < 3.1 Unauthenticated Cross-Site Scripting Nikola Kojic (Aug 07)